ddb/delete.php at master · yosko/ddb · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
<?php

/**
 * DDb - Copyright 2013 Yosko (www.yosko.net)
 *
 * This file is part of DDb.
 *
 * DDb is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * DDb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with DDb.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

include_once "inc/functions.php";

initDDb($db, $settings, $tpl, $user);

if($user['isLoggedIn']) {

    //if delete button was clicked
    if( isset($_POST["delete"]) ) {
        $deleteAction = true;
    } else {
        $deleteAction = false;
    }

    if( isset($_GET["id"]) ) {
        $dream = array();
        $dream['id'] = $_GET["id"];

        //if cancel was clicked or if user isn't allowed to delete the dream
        if( isset($_POST["cancel"]) || (!isAuthor($user['id'], $dream['id']) && $user['role'] != 'admin') ) {
            header("Location: dream.php?id=".$_GET["id"]);
            exit;
        } else {
            $editButtons = true;
            $tpl->assign( "editButtons", $editButtons );
        }

        //get dream informations
        $qryDream = $db->prepare(
            "SELECT a.dreamerName, strftime('%d/%m/%Y', d.dreamDate) AS dreamDate, d.dreamTitle"
            ." FROM ddb_dream d LEFT JOIN ddb_dreamer a on d.dreamerId_FK = a.dreamerId"
            ." WHERE dreamId = :dreamId");
        $qryDream->bindParam(':dreamId', $dream['id'], PDO::PARAM_INT);
        $qryDream->execute();

        $qryDream->bindColumn('dreamerName', $dream['dreamerName']);
        $qryDream->bindColumn('dreamDate', $dream['date']);
        $qryDream->bindColumn('dreamTitle', $dream['title']);

        //read the first line to feed the bind variables
        $exists = $qryDream->fetch(PDO::FETCH_BOUND);

        //delete the dream
        if($deleteAction && $exists) {
            //delete the tags attached to the dream
            $qry = $db->prepare(
                'DELETE FROM ddb_dream_tag WHERE dreamId_FK = :dreamId');
            $qry->bindParam(':dreamId', $_GET["id"], PDO::PARAM_INT);
            $qry->execute();

            //delete the dream itself
            $qry = $db->prepare(
                'DELETE FROM ddb_dream WHERE dreamId = :dreamId');
            $qry->bindParam(':dreamId', $_GET["id"], PDO::PARAM_INT);
            $qry->execute();
        }

        $tpl->assign( "deleteAction", $deleteAction );
        $tpl->assign( "dream", $dream );

    } else {
        $exists = false;
    }

    $tpl->assign( "exists", $exists );
    $tpl->draw( "delete" );
}

?>